Administering Oracle REST Data Services (ORDS)
When a database deployment is created on Oracle Database Classic Cloud Service, Oracle REST Data Services (formerly known as Oracle APEX Listener) is started.
Note:
This section does not apply to database deployments that use Oracle Real Application Clusters. Such deployments do not include Oracle REST Data Services.
Adding a Signed SSL Certificate to Oracle REST Data Services
You can add a signed SSL certificate to the ORDS environment on a Database Classic Cloud Service database deployment running ORDS 3.0.5 or later.
Deployments created after early October 2016 (version 16.4.1) already have the necessary version of ORDS installed. To check your version of ORDS, connect to the deployment’s compute node and enter this command:
$ java -jar /u01/app/oracle/product/ords/ords.war version
If you need to upgrade your version of ORDS, see Updating the Cloud Tooling by Using the dbaascli Utility.
Before You Begin
To add a signed SSL certificate, you must have the following:
-
The SSL certificate file from the certificate provider. This is a
.crt
file. -
The private key file you gave to the certificate provider as part of your Certificate Signing Request (CSR). This is a
.der
or.pem
file.
Procedure
-
Copy the certificate and private key files to the database deployment’s compute node.
Copy these files as the
oracle
user to the following locations:-
Certificate file:
/u01/app/oracle/product/ords/certificate.crt
-
Private key file:
/u01/app/oracle/product/ords/privkey.der
or/u01/app/oracle/product/ords/privkey.pem
, depending on format.
For instructions on copying files to the compute node, see Copying Files to or from a Database Classic Cloud Service Database Deployment.
-
-
Connect as the
oracle
user to the compute node.For detailed instructions, see Connecting to a Compute Node Through Secure Shell (SSH).
-
If your key file is in
.pem
format, convert it to.der
format:$ cd /u01/app/oracle/product/ords $ /usr/bin/openssl pkcs8 -topk8 -inform PEM -outform DER -in privkey.pem -out privkey.der -nocrypt $ rm -f privkey.pem
-
Edit the
standalone.properties
file of your ORDS environment, adding these lines if missing:ssl.cert=/u01/app/oracle/product/ords/certificate.crt ssl.cert.key=/u01/app/oracle/product/ords/privkey.der
This file is located at
/u01/app/oracle/product/ords/conf/ords/standalone/standalone.properties
. -
Set the permissions on the certificate and private key files:
$ chown oracle:oinstall /u01/app/oracle/product/ords/certificate.crt $ chown oracle:oinstall /u01/app/oracle/product/ords/privkey.der $ chmod 400 /u01/app/oracle/product/ords/certificate.crt $ chmod 400 /u01/app/oracle/product/ords/privkey.der
-
Restart ORDS:
$ /etc/init.d/ords restart
-
Close your connection to the compute node:
$ exit
Stopping Oracle REST Data Services
-
Connect as the
opc
user to the compute node.See Connecting to a Compute Node Through Secure Shell (SSH).
-
Start a root-user command shell:
$ sudo -s #
-
Stop ORDS:
# /u01/app/oracle/product/ords/ords stop INFO: Stopping Oracle REST Data Services... INFO: Oracle REST Data Services stopped
-
Exit the root-user command shell and close your connection to the compute node:
# exit $ exit
Starting Oracle REST Data Services
-
Connect as the
opc
user to the compute node.See Connecting to a Compute Node Through Secure Shell (SSH).
-
Start a root-user command shell:
$ sudo -s #
-
Start ORDS:
# /u01/app/oracle/product/ords/ords start INFO: Starting Oracle REST Data Services... INFO: Oracle REST Data Services started with PID pid
-
Exit the root-user command shell and close your connection to the compute node:
# exit $ exit